Reskilling workers should include cyber risk management

The reskilling movement is itself a reflection of the global trend in connectivity that is expanding the cyberattack surface daily. In 2019, the Organization for Economic Co-operation and Development (OECD) made a startling prediction: in the next 15 to 20 years, 14% of the world’s job would disappear due to advances in automation, and an additional 32% of jobs would be radically reshaped.

That forecast time frame now is less than a decade away, and the OECD issued it before the advent of generative artificial intelligence and machine learning. Changes in job skills and the application of AI/ML tools are accelerating at warp speed, which will result in more cyber exposure for organizations — and opportunities for wholesalers and retail agents and brokers to provide risk solutions.

A thoughtful articulation of the business case for reskilling and upskilling in the era of AI appeared in the Harvard Business Review in 2023. As technologies make certain jobs obsolete, workers will have to learn new skills and how to integrate new tools into their daily work. If that sounds like something already underway at many insurance industry organizations, that’s because it is. Retail agents, wholesale brokers, underwriters and claims teams are all learning new skills relating to AI and ML. Their knowledge and experience will be useful in helping policyholders who are going through the same process.

What the HBR article didn’t mention is cyber is a uniquely human risk. Whether through a malicious attack perpetrated by criminals or an unintentional network outage caused by coding errors or other mistakes, humans are at the heart of incidents that can cause material financial loss and drive cyber insurance claims.

The need for improved awareness of cyber threats and cyber hygiene has never been greater. Phishing and social engineering remain key points of vulnerability in cyberattacks. CrowdStrike’s 2025 Global Threat Report noted that social engineering has become a big business for cyber criminals, who are deploying sophisticated tactics to gain access to networks.

For example, more threat actors are resorting to voice phishing (vishing), callback phishing, and help desk social engineering attacks. The help desk impersonation tactic is particularly insidious, as it persuades victims to allow perpetrators to use legitimate remote monitoring and IT management tools to gain system access. CrowdStrike found that 79% of attack detections in 2024 did not involve malware, nearly double the percentage in 2019. Threat actors are becoming skilled at social engineering exploits that make malware unnecessary.

Claims offer insights on how to mitigate the cyber risks inherent in the human element. Seeing clearly the vulnerabilities and points of failure in events that lead to claims is helpful in reverse-engineering loss prevention techniques. Cybersecurity systems and settings certainly are important, but organizations should not overlook the critical role of human decision making.

The future of cyber risk management and cybersecurity is in human hands. Insurance wholesalers and cyber risk specialists should take that to heart in providing risk management advice and risk transfer solutions.

Jeremy Gittler is the global head of claims for Resilience, a cyber risk solutions company founded by experts from across the highest tiers of the U.S. military and intelligence communities and built by prominent leaders and innovators from the cybersecurity, technology and insurance industries. Learn more at cyberresilience.com.

See also:

• 10 states most in need of fraud education
• Insurance commissioners sound warning on 'Scattered Spider' threat
• Legacy tech has become a competitive risk to insurers